GDPR (General Data Protection Regulation) is around the corner and has quite some implications for e-commerce web sites.
Koffeeware being a provider of photo centric e-commerce environments, we are obviously concerned by privacy in general and GDPR in particular.
Privacy by design
First of all, our products have always been designed with privacy as a concern. This translates into the fact that our tools only collect really needed data, the data needed to properly process and ship orders (when relevant).
Going into the details
Creator Five does not collect any personal data. The only data stored by Creator Five is an anonymous ID to the creations stored. The link between the customer account and the creation’s ID is to be managed by the host site.
inbox.photo only stores basic information to identify the customer at in-shop pick-up. inbox.photo partners can add additional data collection fields. In this case, it is their responsibility to clearly state what is done with the collected data.
Photo Web Shop
Photo Web Shop being a complete photo ecommerce environment, personal data linked to shipment of orders need to be collected and stored. This data is only used for order related communication. An additional field collects consent for marketing communication. The customer can update this information at any time in his account.
Accounts are stored on a store-by-store basis, each store manager defines his policy in term of data usage outside of Koffeeware’s control.
To understand and implement GDPR correctly, roles need to be clearly defined.
- As per GDPR, Koffeeware acts as a Data Processor.
Data Protection Officer (DPO)
In compliance with the GDPR, we have named a Data Protection Officer (DPO).
Third party service providers
Koffeeware uses the following third party service providers:
- Databases are stored on Amazon Web Services servers located in Ireland.
- Our email platform is provided by Mailjet who claims having their servers located in France.
This article may be updated to match updates to our products.